Mholloway added a comment.

I've got a patch to pass through the X-Client-IP header to WDQS. However, if I'm interpreting the VCL code correctly, it looks like it will be stripped in Varnish and replaced with the IP of the requesting Kartotherian host when hitting the public WDQS endpoint:

https://github.com/wikimedia/puppet/blob/production/modules/varnish/templates/vcl/wikimedia-frontend.vcl.erb#L186-L191

sub recv_fe_ip_processing {

	[...]

	if (client.ip !~ local_host) {
		// only the local nginx TLS terminator should set these at all -
		// there are no other internal exceptions to that rule
		unset req.http.X-Client-IP;
		unset req.http.X-Connection-Properties;
	}

	[...]

}

If we're sure that it's reasonably safe to bypass the cache and hit the internal WDQS endpoint instead, then that doesn't matter, of course. Updating Kartotherian to hit the internal endpoint is just a matter of deploying a config change. (I should note that we're blocked on deploying Kartotherian in production until updating the maps cluster to Stretch is complete, but we could still test this in the beta cluster in the meantime.)


TASK DETAIL
https://phabricator.wikimedia.org/T200594

To: Mholloway
Cc: mobrovac, MSantos, Gehel, Aklapper, MaxSem, Pnorman, Mholloway, Smalyshev, Amatissart, Lahi, Gq86, Looniverse, Lucas_Werkmeister_WMDE, GoranSMilovanovic, QZanden, EBjune, Orienteerix, merbst, LawExplorer, Naveenpf, JGirault, Jonas, phabyogi, Xmlizer, Susannaanas, lxbarth, Eevans, jkroll, Planemad, Hardikj, Wikidata-bugs, Jdouglas, aude, Tobias1984, Manybubbles, Yurik, Jdforrester-WMF, Mbch331, Jay8g